Set the NO Rpath/RunPath compilation option by changing "hardcode_into_libs=yes" to "hardcode_into_libs=no" in libtool.
NO Rpath/RunPath: eliminates dynamic library search paths, which defends against attacks that replace a dynamic library with one of the same name. If the directory specified by rpath/runpath contains a directory that a common user has write permission on, the common user will replace the dynamic library with the same name, causing permission escalation attacks.
Signed-off-by: Qi Tao taoqi10@huawei.com
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md index 378fc81..a2ee9a2 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,7 @@ Build and install UADK ./cleanup.sh ./autogen.sh ./configure + sed -i "s/hardcode_into_libs=yes/hardcode_into_libs=no/g" ./libtool make sudo make install ``` @@ -71,6 +72,7 @@ For openssl 1.1 cd uadk_engine autoreconf -i ./configure --libdir=/usr/local/lib/engines-1.1/ [--enable-kae] + sed -i "s/hardcode_into_libs=yes/hardcode_into_libs=no/g" ./libtool make sudo make install
@@ -113,6 +115,7 @@ Install libraries to the temp folder $ cd uadk $ ./autogen.sh $ ./configure --prefix=/tmp/build + $ sed -i "s/hardcode_into_libs=yes/hardcode_into_libs=no/g" ./libtool $ make; make install
$ pkg-config libwd --libs @@ -121,6 +124,7 @@ Install libraries to the temp folder $ cd uadk_engine $ autoreconf -i $ ./configure --prefix=/tmp/build + $ sed -i "s/hardcode_into_libs=yes/hardcode_into_libs=no/g" ./libtool $ make; make install
// For openssl 1.1
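Review bot: The sed line added after ./configure in the "Build and install UADK" and "For openssl 1.1" hunks can silently do nothing. sed -i exits 0 when the pattern is absent, so if the generated ./libtool does not contain the exact string hardcode_into_libs=yes, make proceeds and the libraries may still carry an RPATH/RUNPATH entry. Suggest adding a check right after it, for example grep -q "hardcode_into_libs=no" ./libtool, or a post-build step that inspects the installed library with readelf -d and confirms that no RPATH or RUNPATH entry is present. The README also gives no reason for the line; a one-sentence comment above it saying that it disables hardcoded library search paths would keep readers from dropping it as noise.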
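Review bot: In the two "Install libraries to the temp folder" hunks, the sed line follows ./configure --prefix=/tmp/build, and the steps do not say how the loader will find the libraries once the install path is no longer hardcoded. Nothing in the visible context after make install sets a library search path, so please document the runtime lookup for this prefix if the README does not already do so further down. /tmp is also normally world-writable, which is the situation the commit message warns about, so whatever search path is documented should not point at a directory other users can write to; a prefix under the builder's home directory would be a safer example.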